Open atpoirie opened 1 year ago
We are also running into this being flagged by our security scanner.
We are also seeing this; I haven't dug too deep but it looks like Debian's package repository doesn't have an updated version of NuGet yet so it may be blocked by that.
Using image python:4-python3.10-appservice, started seeing CVE-2023-29337, marked high, being identified in reference to nuget.protocol and nuget.common in the file /azure-functions-host/Microsoft.Azure.WebJobs.Script.WebHost.deps.json
Not sure if this belongs on the azure functions docker side, azure functions host side, or both.
Vulnerability is new, but assuming other commercial entities will start reporting the same when their deployments become blocked.